Date: Sat, 3 May 1997 16:12:43 -0700 (PDT)
From: Alex Belits <abelits@phobos.illtel.denver.co.us>
To: Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: libXt
Message-ID: <Pine.LNX.3.95.970503155939.32726A-100000@phobos.illtel.denver.co.us>
In-Reply-To: <19970503182437.OK27316@uriah.heep.sax.de>

On Sat, 3 May 1997, J Wunsch wrote:

> As David E. Cross wrote:
>
> > Just curious if the libXt delivered with XFree86 3.2 has already been
> > patched against the libXt bugs?
>
> AFAIK, not.  It's X11R6.1 based.  XFree86 3.3 (planned) will be
> X11R6.3 based.

Last time I asked on bugtraq, the answer was that XFree86 3.2 is based on
X11R6.1 with buffer overflow fixes that were not included in X11R6.1. But
then a program was posted that demonstrated existing buffer overflows in
any xterm, and I don't know if those are fixed anywhere, or even whether
they are caused by libXt or some other code. Probably only the XFree86
people can give a definitive answer.

--
Alex

P.S. I've already posted there my idea about having most setuid
programs split into setuid and non-setuid parts, and all the setuid
programs known to me that use X fit there perfectly. My _other_ idea is
to have kernel authentication for some setuid startup wrapper that will
allow enabling userid changes of the running process from some marked
parts of the code, for a program started by that wrapper, until the next
exec. Any comments on that one?